Analysis

  • max time kernel
    117s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12-04-2024 22:21

General

  • Target

    Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/lib_burst_generated.dll

  • Size

    416KB

  • MD5

    7bce8a849a919e69a75de79d4ab30057

  • SHA1

    c4f0ad92bec89704384c61c7d8adb45aa7a7d026

  • SHA256

    fef0cd4f4c673f61d80adf00c89456fad03f8bb60fd88c9445566a4c92f4eea1

  • SHA512

    76141aafd0c9115bab71dc02ba96d899deb0172683165607a82075fd819e002fa2935a0616f8c58993a57f25a90b7db5c0daf1134b4ad3d5fb5bd765af6b1d2b

  • SSDEEP

    6144:oXC7n1NAENlp6yGvvNNVyrm3oZg8pCrrKsnnz1Y+Jv+scqzY30t8W0iD:uI1BNT6FNNU63eg8QrmGvg3DW0i

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Content.Warning.v1.9.b-0xdeadc0de\Content Warning_Data\Plugins\x86_64\lib_burst_generated.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1652 -s 80
      2⤵
        PID:320

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads